Government Actively Developing Framework to Safeguard Citizen Data
The government is working on a robust data protection law, building on the Digital Personal Data Protection Act, 2023, to protect citizens' data.
Photo by Viva Luna Studios
त्वरित संशोधन
Government is working on a robust data protection law.
Digital Personal Data Protection Act, 2023, has been enacted.
UIDAI ensures robust security for Aadhaar data of 138 crore users.
महत्वपूर्ण संख्याएं
दृश्य सामग्री
Evolution of Data Protection Framework in India
This timeline illustrates the key milestones in India's journey towards a comprehensive data protection framework, from the recognition of privacy as a fundamental right to the enactment of the DPDP Act, 2023.
India's data protection journey has been a long process, driven by judicial pronouncements and technological advancements. The Puttaswamy judgment was a watershed moment, providing the constitutional mandate for a robust legal framework, which culminated in the DPDP Act, 2023.
- 1962Kharak Singh v. State of UP: Early recognition of privacy aspects (though not as a fundamental right).
- 1994R. Rajagopal v. State of Tamil Nadu: SC recognized 'right to be let alone' as part of Article 21.
- 2017K.S. Puttaswamy v. Union of India: Supreme Court declares Right to Privacy a Fundamental Right under Article 21, mandating a data protection law.
- 2018Srikrishna Committee Report & Draft Data Protection Bill: Expert committee submits recommendations for a data protection law.
- 2019Personal Data Protection Bill, 2019 introduced in Parliament.
- 2022Withdrawal of Personal Data Protection Bill, 2019, to make way for a more comprehensive framework.
- 2023Digital Personal Data Protection Act, 2023 enacted: India's first comprehensive law for digital personal data protection.
- 2024Government actively developing rules and framework for DPDP Act implementation (Current News).
India's Comprehensive Data Protection Framework
This mind map illustrates how various legal and institutional elements, as highlighted in the news, converge to form India's framework for safeguarding citizen data.
Safeguarding Citizen Data (Digital India)
- ●Digital Personal Data Protection Act, 2023
- ●Right to Privacy (Article 21)
- ●Unique Identification Authority of India (UIDAI)
- ●Aadhaar (Digital Identity)
परीक्षा के दृष्टिकोण
Constitutional provisions related to privacy and fundamental rights.
Key features and implications of the Digital Personal Data Protection Act, 2023.
Role and functions of statutory bodies like UIDAI and their data security protocols.
Evolution of data protection laws and policies in India.
Comparison with international data protection standards (e.g., GDPR).
Challenges in implementation and enforcement of data protection laws in a diverse digital landscape.
विस्तृत सारांश देखें
सारांश
The government is actively working to strengthen data protection for its citizens, emphasizing that it's a continuous process. This comes after the recent enactment of the Digital Personal Data Protection Act, 2023.
The Unique Identification Authority of India (UIDAI), which manages Aadhaar, also highlighted its robust security framework to protect the data of its 138 crore users. Essentially, the government is trying to create a comprehensive legal and technological framework to ensure that personal data, especially in the digital age, is handled responsibly and securely, addressing concerns about privacy and potential misuse.
पृष्ठभूमि
The discourse around data protection in India gained significant momentum after the Supreme Court's landmark judgment in K.S. Puttaswamy v. Union of India (2017), which declared the Right to Privacy as a fundamental right under Article 21.
This paved the way for a dedicated legal framework. Prior to this, data protection was largely governed by the Information Technology Act, 2000, which was deemed insufficient for the complexities of the digital age. Various committees, notably the Justice B.N.
Srikrishna Committee, were formed to draft a comprehensive data protection law.
नवीनतम घटनाक्रम
बहुविकल्पीय प्रश्न (MCQ)
1. With reference to the Digital Personal Data Protection Act (DPDP Act), 2023, consider the following statements: 1. The Act applies to the processing of digital personal data outside India if it involves offering goods or services to data principals within India. 2. It mandates that data fiduciaries must obtain explicit consent from data principals for processing their personal data, except in certain specified 'legitimate uses'. 3. The Act establishes a Data Protection Board of India as an independent body to adjudicate disputes and impose penalties. Which of the statements given above is/are correct?
- A.1 and 2 only
- B.2 and 3 only
- C.1 and 3 only
- D.1, 2 and 3
उत्तर देखें
सही उत्तर: D
Statement 1 is correct: The DPDP Act has extra-territorial applicability, covering processing of digital personal data outside India if it relates to offering goods or services to data principals in India. Statement 2 is correct: The Act emphasizes consent as the primary basis for processing personal data, but also provides for 'legitimate uses' where consent is not required (e.g., for state functions, medical emergencies). Statement 3 is correct: The Act establishes the Data Protection Board of India to enforce its provisions, inquire into breaches, and impose penalties. Thus, all three statements are correct.
2. In the context of the Right to Privacy in India, which of the following statements is NOT correct?
- A.The Supreme Court in K.S. Puttaswamy v. Union of India case declared the Right to Privacy as a fundamental right under Article 21 of the Constitution.
- B.The Right to Privacy is an absolute right and cannot be subjected to any reasonable restrictions by the state.
- C.The Justice B.N. Srikrishna Committee was constituted to recommend a framework for data protection law in India.
- D.The Aadhaar Act, 2016, was upheld by the Supreme Court, acknowledging its legitimate state interest in providing subsidies while also emphasizing privacy safeguards.
उत्तर देखें
सही उत्तर: B
Statement A is correct: The K.S. Puttaswamy judgment (2017) unequivocally declared privacy as a fundamental right. Statement C is correct: The Srikrishna Committee was indeed formed to draft a data protection law. Statement D is correct: The Supreme Court upheld the constitutional validity of the Aadhaar Act, 2016, but struck down certain provisions and emphasized the need for a robust data protection law. Statement B is NOT correct: Like most fundamental rights, the Right to Privacy is not absolute and can be subjected to reasonable restrictions by the state, provided they meet the tests of legality, necessity, and proportionality, as laid down in the Puttaswamy judgment.
3. Consider the following statements regarding the Unique Identification Authority of India (UIDAI) and Aadhaar: 1. UIDAI is a statutory authority established under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. 2. The Aadhaar database primarily stores biometric information (fingerprints and iris scans) and demographic data, but not financial transaction details. 3. Under the DPDP Act, 2023, UIDAI is considered a 'data fiduciary' responsible for the personal data it collects and processes. How many of the statements given above are correct?
- A.Only one
- B.Only two
- C.All three
- D.None
उत्तर देखें
सही उत्तर: C
Statement 1 is correct: UIDAI was established as a statutory authority under the Aadhaar Act, 2016. Statement 2 is correct: The Aadhaar database is designed to store biometric and demographic data for identity verification, not financial transaction details. Financial transactions are handled by respective financial institutions. Statement 3 is correct: As an entity that determines the means and purpose of processing personal data (of Aadhaar holders), UIDAI falls under the definition of a 'data fiduciary' as per the DPDP Act, 2023, and is therefore responsible for safeguarding that data.
4. Which of the following best describes the 'Data Principal' as defined in the Digital Personal Data Protection Act, 2023?
- A.The entity that determines the purpose and means of processing personal data.
- B.The individual to whom the personal data relates.
- C.The government agency responsible for enforcing data protection laws.
- D.An organization that processes personal data on behalf of another entity.
उत्तर देखें
सही उत्तर: B
The DPDP Act, 2023, defines 'Data Principal' as the individual to whom the personal data relates. This is typically the citizen or user whose data is being collected and processed. Option A describes a 'Data Fiduciary'. Option C describes a regulatory body (like the Data Protection Board). Option D describes a 'Data Processor'.
Source Articles
In move that may impact Big Tech companies, govt now proposes localisation of personal data in draft rules | Business News - The Indian Express
Govt will shorten data protection compliance timeline from 18 months: IT Minister Vaishnaw | Business News - The Indian Express
Centre notifies data protection rules, paves way for India’s first privacy law | Business News - The Indian Express
Latest News on Data Protection: Get Data Protection News Updates along with Photos, Videos and Latest News Headlines | The Indian Express
Centre tables Digital Personal Data Protection Bill, 2023: What it says and why it’s being criticised | Explained News - The Indian Express